Senior Cyber Security Engineer, Incident Response

FRANKLIN, Tennessee, United States

Community Health Systems

View company page

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 40 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 71 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.



As a Senior Security Engineer, you are expected to have in-depth knowledge in the responsibilities listed below, gained through both training, work experience and self-study. You can be trusted to work independently with minimal supervision, and can take a leadership role during challenging situations.

Technical competence in areas listed below. Good critical thinking skills. Strong analytical and problem resolution skills and organizational skills. Strong ability to work on and prioritize multiple, concurrent projects while meeting aggressive deadlines in a fast-paced environment. Willingness to participate in cross-functional training and support. Ability to work independently.

Essential Duties and Responsibilities:

  • Investigate malicious activity and perform incident investigations to determine the root cause of the incident while preserving evidence for potential legal action
  • Lead collaboration in containment, eradication and remediation efforts with the incident response team by detecting, analyzing and performing remediation on attacks that deny the use of authorized applications, network systems or other resources while working in partnership with the constituents that consist of enterprise legal staff, litigation or Ethics and Compliance
  • Conduct research to create Threat Hunting and Detection Engineering opportunities for team members
  • In-depth knowledge of the MITRE ATT&CK, MITRE D3FEND, and Cyber Kill Chain frameworks.
  • Required to participate in the team on-call rotation and respond to after hour escalations when needed.
  • Demonstrate intuitive problem solving skills and communicate incidents to the appropriate stakeholders for remediation
  • Develop and accumulate lessons learned documentation from incidents to identify controls to prevent identified malicious activity from reoccurring
  • Partner with technical personnel and additional teams as required in order to contain, eradicate and remediate incidents to drive incidents to closure as part of the incident response life cycle
  • Appropriately inform and advise team members and leadership on incidents and incident prevention
  • Participate in knowledge sharing with other analysts and develop sound processes and solutions efficiently


  • Required Education: High School diploma
  • Preferred Education: Bachelor’s degree preferred or relevant experience. Appropriate industry certification(s) desired.
  • Required Experience:
    • Deep knowledge of typical IT platforms, operating systems, and configuration methods
    • Deep knowledge of Security threat tactics and prevention and detection techniques
    • Deep knowledge of system administration concepts
  • Preferred Experience:
    • Industry recognized cyber security training or certifications to include SANS, ISC2, EC-Council or CompTIA vendors.
    • Experience working with or on a CSIRT or Security Incident Response team
    • Security background, with understanding of SANS Preparation Identification Containment Eradication Recovery Lesson Learned (PICERL) or similar Incident Response methodologies
  • Required License/Registration/Certification: None
  • Computer Skills Required: Productivity suite software required


Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

  • The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
  • The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
  • The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.
Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  4  1  0

Tags: Compliance CompTIA CSIRT Cyber Kill Chain Incident response MITRE ATT&CK SANS

Region: North America
Country: United States

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.